Acrobat Reader is the name of Adobe’s free PDF viewer software. It was formerly referred to as Adobe Reader, but its full official name is now Adobe Acrobat Reader. It’s basically a stripped-down version of Acrobat, Adobe’s commercial PDF authoring tool, with most of Acrobat’s authoring capabilities removed. Acrobat Reader is free software, while Acrobat is not. If you need to author new PDF files, you need Acrobat. If you merely wish to view existing PDF files, all you need is Acrobat Reader, although Acrobat also does that.

At one point, there was only one version of Acrobat and one corresponding version of Reader. Sadly, those simpler days ended in 2015 when Adobe introduced ‘Document Cloud’ (DC) variations: Acrobat DC and Acrobat Reader DC. These new variants include cloud storage capabilities, making PDF viewing and editing more convenient for folks who work on multiple computers and platforms.

Confusing things further was a new split in the Acrobat/Reader catalog, between Continuous and Classicrelease tracks. They differ mainly in release priorities and update schedules. Classic variants are updated quarterly, and occasionally at other times; updates are limited to bug and security fixes. Continuous variants are updated more frequently, and besides bug and security fixes, updates include new features and enhancements.

On October 15, 2017, Adobe stopped producing the original Acrobat/Reader software in favour of the new Acrobat/Reader DC. The old software’s last version was 11.0.23. Adobe now officially recommends the DC variants over anything else. This should have simplified things, and it did, to some extent.

Adobe is also still making desktop-only versions of Acrobat and Acrobat Reader, which they refer to as Acrobat 2017 and Acrobat Reader 2017.

Which one?

Okay, so which version of Acrobat Reader do I install if I just want to view PDF files? For regular folks, it’s easiest to just stick with what Adobe wants you to use, which in most cases is Acrobat Reader DC (Continuous). The desktop-only version and the DC Classic versions exist mostly for IT staff who have very specific reasons for not wanting to run DC Continuous. For them, it comes down to a choice between having access to the latest features, and being somewhat less likely to encounter problems. For example, if ‘stable and secure’ is the goal, Acrobat Reader DC Classic Track is the right choice.

February 2018 updates

With that out of the way, let’s talk about the new versions of Acrobat Reader that were released earlier this week.

You can install Acrobat Reader by visiting the official download page at get.adobe.com/reader. That page will offer the version it thinks is best suited to your device, which for my Windows 8.1 PC is Acrobat Reader DC (Continuous Track) version 2018.011.20035. That’s also the version Adobe wants us all to use.

To install Acrobat Reader 2017 for Windows, go to the Acrobat2017 folder on the Adobe FTP site. Click the topmost folder, then click the installer EXE file in that folder to download it. Once installed, Acrobat Reader 2017 will keep itself updated, and you can check for any pending updates by selecting Help > Check for updates on its menu.

To install Acrobat Reader DC Classic for Windows, go to the Acrobat2015 folder on the Adobe FTP site. Click the topmost folder, then click the installer EXE file in that folder to download it. Once installed, Acrobat Reader DC Classic will keep itself updated, and you can check for any pending updates by selecting Help > Check for updates on its menu.

The new version will find its way to your desktop automatically, unless you’re diligent about killing Google’s pesky auto-update processes. If that describes you, or you just don’t want to wait, you can usually encourage Chrome to update itself by navigating to > Help > About Google Chrome.

There’s additional information in the full change log for Chrome 64.0.3282.167.

Earlier today, Microsoft released forty-two updates to address fifty-four vulnerabilities in Windows, Internet Explorer, Edge, Flash, and Office software. Fourteen of the vulnerabilities are flagged as critical, and have the potential to be used for remote code execution.

This information was extracted from Microsoft’s Security Update Guide, the rather opaque reservoir into which Microsoft now dumps its update information. Of course Microsoft would be happier if we all just enabled auto-updates, and in fact the monthly patch bulletins are now little more than a link to the SUG and a recommendation to enable auto-updates.

As usual, the release announcement says that the new version “will roll out over the coming days/weeks”. Since this release includes a security fix, it’s a good idea to check what version you’re running by navigating to the About Chrome page ( > Help > About Google Chrome).

On February 1, Adobe published a security advisory about a critical vulnerability (CVE-2018-4878) in Flash Player 28.0.0.137 and earlier versions. Successful exploitation could allow an attacker to take control of an affected system.

An exploit for CVE-2018-4878 already exists, and is being used in targeted attacks against Windows users. So far, attacks based on this vulnerability have been delivered via Office documents with malicious Flash content as email attachments.

Adobe plans to address this vulnerability next week. Meanwhile, use extreme caution when deciding whether to open email attachments, especially if they appear to be Office documents.

Flash is gradually disappearing from use, but it’s still used enough to make it a tempting target for malicious hackers.

Vivaldi 1.14 includes improvements for several existing features: vertical reading for Reader Mode, Markdown support in Notes, rearrangeable panels, and re-orderable search engines. Several dozen bugs are also addressed in the new version. There are no new security fixes in Vivaldi 1.14.

Somewhere along the line — possibly in this release — Vivaldi’s weird bookmark editor (the one in the bookmark sidebar) was finally made usable. It’s still weird, but at least now it works in a way that makes sense.

If you were diligent and installed firmware updates on your Windows computers, you should install the new Microsoft updates as soon as possible. Of course doing that will leave your computer exposed to Spectre V2. There’s no solution, other than to be vigilant and extremely careful about visiting shady web sites, installing downloaded software, and clicking links in email.

I guess I’m lucky that no firmware updates are even available for my computers. If they were available and I had installed them, I might be suffering random reboots and even data loss.

Black-hat hackers who are working on malware that exploits the Spectre and Meltdown vulnerabilities are no doubt enjoying this mess, and I have no doubt that we’ll start seeing real-world examples of their handiwork before long.

jrivett’s Tweets

New white paper confirms that compromising encryption (to make law enforcement a bit easier) is a very bad idea. AG and FBI officials are really just advertising their own weakness when they complain about this. techdirt.com/article…

Describing his hobby as 'fun' and saying “I never intended for anyone to get shot and killed”, this serial Swatter will hopefully get 10+ years behind bars for his role in a Kansas death-by-SWAT. krebsonsecurity.com/…